Case Study: Borderline Success at the Department of Homeland Security

Edward Cone

At first glance, the Department of Homeland Security’s US-VISIT program may seem an unlikely model for future government information-technology projects. That may be true on second glance, too.

But beyond the project’s very real shortcomings lies a possible template for smarter, faster work on important public-sector jobs. Steven Cooper, the founding chief information officer of DHS, says the project’s methodology of incremental releases and refinements, rather than the massive development-and-release cycle common to federal jobs, has “the potential to save hundreds of millions of dollars across agencies for taxpayers.” Robert Mocny, US-VISIT’s acting director, agrees, saying, “This is a model for rolling out such a large-scale system.”

Bold claims for a program that has spent $1 billion and counting, but has not yet delivered a key element of its original design, or a done-by date for that critical missing piece.

US-VISIT is a network of biometric-screening systems, such as fingerprint and ocular scanners, that ties into government databases and watch lists to check the identities of millions of people coming into the United States. Created in the wake of the Sept. 11 terror attacks, and implemented in a hurry to meet the suddenly pressing demands of national security, the project is now operational in some 300 locations, including major international points of entry by air and sea; land borders are next. The Department of Homeland Security credits the program with keeping more than 1,350 criminals from entering the country. Among those nabbed: a murderer from Germany who had resettled in Canada; a Bulgarian national who had slipped into Costa Rica with somebody else’s $13 million; and an escaped detainee from Iraq.

Yet the system still lacks a vital (and long-promised) component: the capability to notify authorities when visitors subsequently leave the U.S. And beyond that missing piece, US-VISIT has been criticized repeatedly over its three-year life by its overseers in Congress and the Government Accountability Office for not setting specific timetables and metrics of success, shortcomings that are acknowledged by senior officials close to the project. Even the 9/11 Commission got in a few licks, noting that US-VISIT is cobbled together from several older systems and will need to be updated in short order with newer technology, including up-to-date biometric scanners.

“You can’t manage what you can’t measure, and there was never a definition of what the program would accomplish by a certain time,” says Randolph “Randy” Hite, director of information technology architecture and systems issues at the Government Accountability Office, who has monitored US-VISIT for years. “From the beginning we said, like any program, it needs to define and commit on what it will deliver in terms of capability, value, cost and timeline. Our reports kept saying the expenditure plans [the appropriations that fund the project] are a contract with Congress, so you need to disclose and commit and report, and be held accountable. That has not occurred. We were never able to link cost and capability. They got an annual appropriation, and spent it, but we could not see if a particular functionality was tied to the cost.”

Cooper, now CIO at the American Red Cross, does not disagree with Hite’s assessment. But he says the haste required to protect national security justified taking certain shortcuts on scheduling and system development along the way. “The team well understood what GAO and Congress were pointing out,” he says. “We simply didn’t have the time and resources to do it all. We did not set out to ignore good management practice [e.g., scheduling and executing on the exit system] and made tradeoff decisions to get capability on line to protect Americans. If time and national security were not involved, we might have done it differently.” For example, says Cooper, “We pushed to roll out the entrance portion of the system and didn’t focus on the exit portion, because screening people coming into the U.S. seemed more crucial. We decided that with X-number of action items that needed to be done, we couldn’t do them all in parallel, so we would try to do the first half-X, then pick up the rest.”

The original system checked only two fingerprints per person, rather than all ten. “We get criticized for that, but we’ve identified 20,000 people as immigration violators because we chose to move in a sequenced fashion,” says Mocny. The program is now moving toward acquiring new equipment that will allow checks of all ten digits, which is becoming the international standard for fingerprint identification.

There were choices made on how to do the work, as well. “We made a tradeoff on the amount of time spent on tests before turning things over to production,” says Cooper. “You always want to reduce defects as close to zero as possible; you can find 80 to 90 percent of defects in any software very quickly, but it takes much more time, proportionately, to find the rest. So if you release and then test in parallel to production, you can move a lot faster and realize tremendous value.”

Despite the project’s shortcomings, however, the release-and-refine methodology forced upon US-VISIT by circumstance has real promise for future projects.
